New Payment Model for Part B Drugs Proposed

The Centers for Medicare and Medicaid Services published on March 11 a proposed rule (81 Fed. Reg. 13230) to experiment with an alternative payment model for Medicare Part B prescription drugs. Currently, physicians and hospitals receive a Part B drug reimbursement in the amount of the average sales price, plus 6%. The proposed payment model would reduce the add-on payment to 2.5% and pay a flat fee of $16.80 per drug per day. CMS would update the flat fee at the beginning of each year by the percentage increase in the consumer price index for medical care for the most recent 12-month period.

CMS anticipates that the payment adjustment, which would cover the cost of nearly all drugs reimbursed under Part B, will result in savings through creating incentives for change in prescribers’ behavior. The new model is envisioned by CMS as a solution to perverse incentives existing within the current Medicare Part B payment methodology, which can result in penalties “for selecting lower-cost drugs, even when these drugs are as good or better for patients based on the evidence.”

Under the proposed rule, CMS would explore the efficacy of a variety of value-based pricing strategies currently used by commercial health plans, pharmacy benefit managers and hospitals within the Medicare Part B context, including:

  • Discounting or eliminating patient cost-sharing.
  • Feedback on prescribing patterns and online decision support tools for providers.
  • Indications-based pricing.
  • Reference pricing (i.e., a standard payment rate for a group of therapeutically similar drugs).
  • Risk-sharing agreements between CMS and drug manufacturers based on outcomes.

All practitioners and entities furnishing and billing for Part B drugs would be required to participate in the model, which would run for five years.

CMS would assess beginning in late 2016 whether the new model resulted in improved quality and value. CMS is accepting comments on the proposed rule through May 9, 2016.

Home Care Agency’s Effort to Circumvent Statutory Exhaustion Requirement Thwarted

The U.S. District Court for the Eastern District of Missouri on February 24 rejected a home health care provider’s efforts to avail itself of a constitutional exception to the requirement to exhaust administrative remedies with respect to appeals of Medicare denials. The litigation resulted from the decision of a Medicare contractor to reopen 30 therapy claims submitted by Plaintiff and demand repayment of $1,397,353. Plaintiff exhausted the first two levels of administrative appeal and initiated the third level. However, Plaintiff filed suit in federal district court prior to the administrative hearing. While the court observed that the Eighth Circuit has recognized a constitutional exception to the exhaustion requirement, the court held that Plaintiff did not qualify for the exception, which applies only where the litigant “(1) raises a colorable constitutional claim collateral to his substantive claim of entitlement; (2) shows that irreparable harm would result from exhaustion; and (3) shows that the purposes of exhaustion would not be served by requiring further administrative procedures.” The court determined that Plaintiff sought “review of the Medicare contractor’s determination that it overbilled the program, [and that such] relief [was] ‘inextricably intertwined’ with [Plaintiff’s] claims for benefits.” Accordingly, the claims were not collateral to Plaintiff’s substantive claim of entitlement. Moreover, the court found that Plaintiff failed to demonstrate irreparable harm, as the “Medicare statute itself provides an escalation remedy designed to provide either an expeditious resolution of claims or access to judicial review in a timely manner.” Triple A Home Care Agency, Inc. v. Burwell, No. 4:15CV668 (E.D. Mo. Feb. 24, 2016).

Stolen Laptops Result in Hefty HIPAA Settlements

The Department of Health and Human Resources Office of Civil Rights (OCR) announced on March 17 a settlement in which the nonprofit Feinstein Institute for Medical Research agreed to pay $3.9 million and to institute a Corrective Action Plan in resolution of alleged HIPAA violations resulting from the September 2012 theft of an unencrypted laptop from an employee’s car. The laptop contained the electronic protected health information (ePHI) of approximately 13,000 individuals, including names, birth dates, addresses, Social Security numbers, diagnoses, laboratory results and other medical information. Following an investigation, OCR concluded that the research institute had violated numerous HIPAA Privacy and Security Rule provisions. Among the violations cited were impermissible disclosure of ePHI; failure to conduct an adequate risk analysis of potential risk and vulnerabilities of all ePHI held by the institute; failure to implement policies and procedures for granting access to ePHI by its employees; failure to implement physical safeguards for the stolen laptop to restrict access to unauthorized users; failure to implement procedures that govern movement of ePHI-containing media into, out of and throughout the facility; and failure to either encrypt ePHI or implement an equivalent alternative measure.

Also, OCR on March 17 announced a $1.55 million settlement with North Memorial Health Care of Minnesota stemming from the theft of an unencrypted but password-protected laptop from the locked car of one of its contractors. The laptop contained the ePHI of 6,697 North Memorial patients. OCR noted that the contractor, which had access to North Memorial’s ePHI database, did not enter into a Business Associate Agreement with North Memorial as required under the HIPAA Privacy and Security Rules. OCR further concluded that North Memorial failed to conduct an accurate and thorough risk analysis that incorporated all of North Memorial’s information technology equipment.

Phase 2 HIPAA Audits Underway

In March, federal regulators took the long-anticipated step of launching a new round of HIPAA audits to test the compliance of covered entities—health plans, health care clearinghouses and health care providers who electronically transmit any health information—and the business associates that handle the health care information on behalf of covered entities. The Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) has begun the process of collecting contact information for covered entities and business associates of various types for inclusion in the pool of potential audited entities. OCR is charged with enforcing HIPAA’s Privacy and Security Rules.

OCR has stated that every covered entity and business associate is eligible for an audit, and HHS notes on its website that “for this phase of the audit program, OCR is identifying pools of covered entities and business associates that represent a wide range of health care providers, health plans, health care clearinghouses and business associates.” Following the collection of contact information, OCR will send questionnaires to covered entities and their business associates, and the data collected from these questionnaires will be used to create a pool of potential auditees. OCR will randomly select auditees from the audit pool and those auditees will be notified of their participation.

The first set of audits will be desk audits of covered entities, and the second set will be desk audits of business associates. Both of these audit sets, which will be completed by December 2016, will examine specific requirements of the Privacy, Security, or Breach Notification Rules. Auditees will be given 10 days to submit the requested documentation to a secure online portal that OCR has set up. The third set of audits will be on-site audits that will examine a broader scope of requirements than the desk audits. Some desk auditees may be subject to on-site audits. The on-site audits will be conducted over three to five days at each site.

Following the audits, OCR will send draft findings to the auditees. The auditees will have 10 business days to review the draft findings and provide written comments to the auditor. The auditor will complete a final audit report for each entity within 30 business days after the auditee’s response. OCR will share a copy of the final report with the audited entity. The auditors will not be looking to state specific privacy and security rules and will limit their review to the Privacy, Security and Breach Notification Rules under HIPAA.

HHS has stated that OCR will use the audit reports to determine what types of technical assistance should be developed, identify what types of corrective action would be most helpful and, by analyzing the information received from the audits, will develop tools and guidance to assist the industry in compliance self-evaluation and in preventing breaches. However, if an audit reveals a serious compliance issue, OCR may begin a compliance review to investigate the matter further.

MedPAC Annual Report Recommends Part B Cuts for 340B Hospitals, Reforming SNF, Home Health Payments

MedPAC’s annual report published March 15 calls for far-reaching payment reforms with the potential to impact a variety of health providers. Notably, MedPAC proposes the reduction of Part B drug payments to eligible safety net hospitals participating in the 340B drug program under which hospitals obtain drugs from wholesalers at greatly discounted prices while continuing to receive standard Part B reimbursement rates from Medicare. The surplus reimbursement may, in turn, be utilized by eligible hospitals to improve access to care. MedPAC’s proposal would reduce the Part B payment rates by 10% of the average sales price and allocate the resulting savings to the Medicare-funded uncompensated care pool. On March 15, 340B Health, an industry group representing safety net hospitals, expressed its strong opposition to the proposal, stating: “What MedPAC proposes is a radical restructuring of the 340B drug pricing program. It is a solution in search of a problem—and one that would negatively impact many safety net hospitals and their communities. Now is not the time to consider fundamental changes to the program, especially as 340B hospitals struggle to meet the needs of their low-income and underserved populations in an era of rapidly increasing drug costs.”

Additionally, the MedPAC report urges Congress to freeze Skilled Nursing Facility (SNF) payments for 2017 and 2018, and to revise the prospective payment system for SNFs and home health to promote payment accuracy. MedPAC further recommends the elimination commencing in 2018 of the use of therapy as a payment factor in the home health prospective payment system.